THE SOCIAL SECURITY ADMINISTRATION’S
COMPLIANCE WITH SOCIAL SECURITY
NUMBER REPLACEMENT CARD ISSUANCE
PROVISIONS OF THE INTELLIGENCE REFORM
AND TERRORISM PREVENTION ACT OF 2004

March
2010

A-02-09-19006

AUDIT REPORT

Mission

By conducting independent and objective audits, evaluations and investigations, we inspire public confidence in the integrity and security of SSA’s programs and operations and protect them against fraud, waste and abuse. We provide timely, useful and reliable information and advice to Administration officials, Congress and the public.

Authority

The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:

 Conduct and supervise independent and objective audits and investigations relating to agency programs and operations.
 Promote economy, effectiveness, and efficiency within the agency.
 Prevent and detect fraud, waste, and abuse in agency programs and operations.
 Review and make recommendations regarding existing and proposed legislation and regulations relating to agency programs and operations.
 Keep the agency head and the Congress fully and currently informed of problems in agency programs and operations.

To ensure objectivity, the IG Act empowers the IG with:

 Independence to determine what reviews to perform.
 Access to all information necessary for the reviews.
 Authority to publish findings and recommendations based on the reviews.

Vision

We strive for continual improvement in SSA’s programs, operations and management by proactively seeking new ways to prevent and deter fraud, waste and abuse. We commit to integrity and excellence by supporting an environment that provides a valuable public service while encouraging employee development and retention and fostering diversity and innovation.

MEMORANDUM

Date: March 4, 2010 Refer To:

To: The Commissioner

From: Inspector General

Subject: The Social Security Administration's Compliance with Social Security Number Replacement Card Issuance Provisions of the Intelligence Reform and Terrorism Prevention Act of 2004 (A-02-09-19006)

OBJECTIVE

To determine whether the Social Security Administration (SSA) complied with provisions of the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) (Public Law 108-458), which set limits on the number of Social Security number (SSN) replacement cards that can be issued.

BACKGROUND

On December 17, 2004, the President signed IRTPA into law. Section 7213(a) of IRTPA mandates that SSA restrict the issuance of multiple replacement SSN cards to any individual to 3 per year and 10 for life. IRTPA gives SSA the authority to allow for reasonable exceptions to the replacement card limits on a case-by-case basis in compelling circumstances.

SSA established policies and procedures to comply with IRTPA SSN replacement card restrictions and started imposing limits for replacement cards issued on or after December 17, 2005. SSN replacement cards provided for certain reasons, such as a

legal name change or legend change on a previously issued card, are not counted toward the annual or lifetime limits.

SSA also allows reasonable exceptions to the annual and lifetime limits. SSA created the following exceptions for the release of an SSN replacement card to an individual who has already reached his or her annual or lifetime limit.

• Legal name change (including first name or surname)
• Legend change (a restrictive legend printed on the face of the SSN card is removed/added/changed)
• SSA mistake (administrative errors)
• Hardship
• Non-receipt (a non-receipt request must be completed within 45 days of issuance of the previous SSN card to count as an exception)

The SS-5 Assistant software, through the Modernized Enumeration System (MES), tracks the number of replacement SSN cards an individual receives and generates an on-screen alert when the 3-card annual or 10-card lifetime limit has been met. To release a replacement card after the limits have been met, SSA staff must enter a code indicating which of the exceptions has been met.

To determine whether SSA was complying with IRTPA replacement card restrictions, we reviewed all enumeration transactions for individuals who received additional replacement SSN card(s) after reaching the annual or lifetime limit since the date of IRTPA’s enactment. We identified 1,632 individuals who were issued 4 or 5 SSN replacement cards in a year. We randomly selected a sample of 50 individuals who received 4 or 5 replacement cards in a year and reviewed all the related enumeration transactions to identify any cards issued in error. We also reviewed all nine individuals who received six or more cards in a year and all eight individuals who received four or five replacement cards in multiple years. In total, we reviewed 67 sampled records. Additional details of our scope and methodology are found in Appendix B.

RESULTS OF REVIEW

SSA generally complied with the SSN replacement card provisions of IRTPA. However, improvements in systems controls over the processing of SSN replacement card requests will help SSA obtain full compliance with these provisions. We identified a number of individuals who received SSN replacement cards beyond the 3-per-year limit established in IRTPA without a valid exclusion or exception. Twenty-nine (58 percent) of the 50 individuals in our random sample received 4 or 5 SSN replacement cards in 1 year even though they did not have a valid exclusion or exception for the additional cards. They received additional replacement cards beyond their annual limit for one of two reasons: (1) SSA's systems detected a change in the type of evidence submitted to obtain an SSN card as an allowable legend change exclusion, or (2) SSA issued replacement cards beyond the time limit permitted under the non-receipt exception. Projecting this finding to the population, we estimate that SSA erroneously issued SSN replacement cards to 947 individuals after they reached their annual limit.

We also identified 17 individuals who received either 6 or more cards in a year or 4 or more cards in each of 2 CYs. We determined that 12 (70 percent) of these 17 individuals received 1 or more replacement SSN cards in error.

We did not find any individuals who exceeded the lifetime limit of 10 replacement cards.

ANNUAL LIMIT ON SSN REPLACEMENT CARDS

Of the 67 sample records we reviewed, 41 individuals (61 percent) received SSN cards in error. These 41 individuals either had a replacement card that was improperly excluded from the count of cards allowed in a year or were improperly excepted after they reached their annual limit. Twenty-two of these individuals received the erroneous cards because of an error in the system programming SSA uses to process SSN replacement card requests. In these cases, the cards were released based on a
legend change exclusion even though the replacement cards did not result in a removal, addition, or change to a restrictive legend on the face of the SSN card. Per SSA policy, only legend changes that result in a change to a restrictive legend on the face of an SSN card are to be excluded or excepted from the IRTPA limits.

The remaining 19 individuals received SSN replacement cards beyond the annual limit based on an erroneous non-receipt exception. In these cases, the individuals received replacement cards based on a claim that they did not receive their previously requested replacement card. However, the erroneously released cards were beyond the allowable time limit. The majority of these individuals was issued replacement cards more than 90 days after their previous requests. One individual received a non-receipt exception 183 days after his original request.

Legend Changes

We found that the MES, which processes SSN replacement card requests, counted all evidence (IDN) code changes as restrictive legend changes. SSA asks all applicants for SSN replacement cards about their immigration or citizenship status to ensure they are eligible to receive an SSN card. IDN codes in the MES indicate the type of IDN applicants provided to support their allegation of citizenship and place of birth. While an IDN code change may indicate a change in an applicant’s immigration status or citizenship that results in a change to a restrictive legend, not all IDN changes indicate such a change. The IDN code in the MES can change from one SSN card request to the next simply because the applicant used a different type of IDN for each request. For example, an IDN code could change from one replacement SSN card request to the next if the applicant presented a birth certificate as identification when making the first request and a driver’s license when making the second request.

SSA’s Office of Systems created automated controls in MES to ensure that only allowable exceptions to the SSN replacement card limits were processed. However, Systems staff confirmed that the MES was programmed to accept all IDN code changes as restrictive legend change exceptions to the IRTPA limits. The Systems staff stated that they made the MES changes based on the system requirements in the Request for Operational Support provided by the Office of Management and Operations Support, a division of SSA’s Office of Operations. We confirmed that the Request for Operational Support stated that SSN replacement card requests with an IDN code change should not be counted toward the annual or lifetime IRTPA limits. Accordingly, the system’s programming was consistent with the directions received, though it allowed some replacement card requests that were not restrictive legend changes to be improperly excluded or excepted from the IRTPA limits.

Non-Receipt Exceptions

Although a report of a non-receipt of a replacement card is one of the allowable exceptions after reaching the IRTPA limits, it is only a valid exception per SSA policy if the request is completed within 45 days of the previous request for a card. SS-5 Assistant—the application SSA staff use to enter required MES information to process requests for replacement cards—requires that SSA staff enter an exception code before allowing a request to be completed if the applicant has reached his/her annual or lifetime limit for replacement cards. We found that SSA staff could enter, and the SS-5 Assistant would accept, a non-receipt exception code that allows the request to be completed even if the previous request for an SSN replacement card was more than 45 days earlier.

SSA is phasing in a new program—the Social Security Number Application Process (SSNAP)—which will replace the current SS-5 Assistant and MES by the spring of 2010. SSA staff informed us the new program will produce a system alert that will inform SSA staff if they are entering a non-receipt exception code more than 45 days after the date of the previous card request. However, the alert will not prevent SSN replacement card requests from being processed if staff should still use the non-receipt exception code even after they were alerted that it is not applicable because of the elapse of time.

EFFECTS OF ISSUING REPLACEMENT CARDS ERRONEOUSLY

SSN cards obtained by an individual other than the one for whom it was intended may be misused for employment. We identified 17 of 87 individuals who appeared to have questionable earnings posted under their SSNs. These individuals appeared to have multiple earnings from various employers, often geographically spread, for different types of employment. For example, one SSN showed earnings related to casino and resort operations in New Jersey, manufacturing in Ohio, and poultry processing in North Carolina in the same year.

Per our request, SSA attempted to contact these 17 individuals, but it was only able to contact 3. SSA confirmed that one of the three individuals acknowledged the earnings posted on his record did not belong to him. The other two individuals interviewed stated that the posted earnings were correct. SSA could not confirm whether the questionable earnings for the remaining 14 individuals belonged to them.

CONCLUSION AND RECOMMENDATIONS

SSA generally complied with the SSN replacement card provisions of IRTPA. However, improvements in systems controls over the processing of SSN replacement card requests will help SSA obtain full compliance with these provisions. SSA issued individuals one or more replacement SSN cards in error since its systems inappropriately detected a type of evidence change as a legend change. However, an IDN change gives rise to a valid exclusion only when a restrictive legend is added or removed from the previously issued SSN card. Also, while SSA’s policy states that a non-receipt exception is only valid within 45 days of a previous request, its systems accepted non-receipt exceptions as valid beyond 45 days of a previous request for an SSN replacement card. To help accurately limit the number of SSN replacement cards issued in a year and/or lifetime and curb SSN misuse, we recommend that SSA:

1. Ensure its systems allow legend change exclusions to IRTPA annual and lifetime limits only when a restrictive legend on the face of an SSN card has been changed or removed.

2. Ensure its systems only allow non-receipt exceptions to IRTPA annual and lifetime limits for non-receipt claims that occur within 45 days of the previous request for an SSN replacement card. In the rare instances where a valid justification for allowing a non-receipt claim beyond 45 days of the previous request exists, ensure that the justification is documented within SSA’s systems. (For example, SSA could use a two-personal identification number process requiring management personnel to approve such transactions.)

Our objective was to determine whether the Social Security Administration (SSA) complied with provisions of the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) (Public Law 108-458), which set limits on the number of Social Security number (SSN) replacement cards that can be issued. To accomplish our objective, we:

• Reviewed applicable sections of the Social Security Act and other relevant legislation as well as SSA’s regulations, rules, policies, and procedures.

• Obtained a data file of 41,821 records extracted from the Enumeration History File for individuals with 4 or more replacement SSN card transactions per calendar year or 10 or more transactions beginning with cards issued on or after December 17, 2005 to the time of our extract (March 14, 2008). We eliminated records where a card was not printed, a card was suppressed, and/or a duplicate reference number existed. We also removed transactions processed within 7 days of the prior transaction since these transactions do not result in the printing of an SSN card. After we eliminated these records, 10,383 records remained. We then determined how many of these individuals were issued more than three SSN replacement cards in a year.

• Identified a population of 1,649 individuals who were issued more than 3 replacement cards in a year. These individuals were issued a total of 6,748 cards between December 17, 2005 and March 14, 2008. We further classified this population into 3 groups and reviewed 67 sampled records:

 a random sample of 50 of the 1,632 individuals with 4 or 5 replacement cards issued in a year,
 all 9 individuals with 6 replacement cards issued in a year, and
 all 8 individuals who exceeded the annual limit in multiple years.

• Identified individuals who appeared to be issued one or more additional SSN replacement cards beyond the IRTPA annual limit.

• Referred our findings to SSA staff. Through our discussions with the staff and their review of the records we identified, we determined why SSA’s systems allowed SSN replacement cards to be released beyond the IRTPA annual limit.

• Identified 17 individuals who appeared to have questionable earnings. We considered the earnings questionable if there were earnings from various employers spread geographically and/or for different types of employment. These 17 individuals were identified in 2 different subsets of the population of 1,649 individuals who received 4 or more replacement SSN cards in a calendar year. Seven of the 17 individuals were from our sample of 67 individuals who received 4 or more replacement cards in a year. The remaining 10 of the 17 individuals were identified in an forensic analysis we completed of 20 individuals who received 4 or more replacement cards in a year at an address where another unrelated individual received an SSN card in that same year.

• SSA field office staff attempted to contact the 17 individuals, but they were only able to interview 3 of the 17. SSA could not contact the remaining 14 individuals, so we were unable to determine whether the questionable earnings belonged to these individuals. SSA confirmed that the earnings posted for one of the three individuals contacted did not belong to the SSN holder. The inaccurate earnings were for an out-of-State employer for which the individual did not work. Also, the type of business did not coincide with the individual’s previous work history. The other two individuals interviewed stated that the posted earnings were correct.

• Reviewed Enumeration History File transactions to determine whether certain field office codes and employee Personal Identification Numbers (PIN) appeared in the data more than expected. We referred all enumeration transactions processed under seven employees’ PINs who issued more replacement cards than other PINs in our data. SSA referred two of these employees to the Office of the Inspector General’s Office of Investigations for further review.

We conducted our audit in the New York Audit Division between June and October 2009. We tested the data obtained for our audit and determined them to be sufficiently reliable to meet our objective. The entities audited were the Office of Earnings, Enumeration and Administrative Systems under the Deputy Commissioner for Systems; and the Offices of Public Services and Operations Support and Management and Operations Support under the Deputy Commissioner for Operations. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

SAMPLE RESULTS

Projecting our findings to the population of 1,632 individuals, we estimate SSA erroneously issued replacement SSN cards to 947 individuals after reaching their annual or lifetime limit—588 individuals because of improper detection of a type of evidence code as a “legend” change, and 359 additional individuals received 1 or more replacement cards under non-receipt claims filed more than 45 days after the original SSN card requests.

Table B-1 – Individuals Who Received Four or Five SSN Replacement Cards in 1 Year
Description Number of Recipients
Population Size (Universe Size) 1,632
Sample Size 50

Table B-2 – Number of Individuals Who Received SSN Replacement Cards in Error Because of Improper Detection of an Evidence Code Change as a Legend Change
Description Number of Recipients
Quantity Identified In Sample 18
Projected Quantity In Universe 588
Projection - Lower Limit 406
Projection - Upper Limit 789
Note: All statistical projections are at the 90-percent confidence level.

Table B-3 – Number of Individuals Who Received SSN Replacement Cards
in Error Due to Non-receipt Claims Filed More Than 45 Days after Original Request
Description Number of Beneficiaries
Quantity Identified In Sample 11
Projected Quantity In Universe 359
Projection - Lower Limit 212
Projection - Upper Limit 548
Note: All statistical projections are at the 90-percent confidence level.

In addition to the sample review described above, we reviewed all 17 individuals who received 6 or more cards in a year and those who received 4 or 5 cards during each of 2 calendar years. Of these 17 individuals, we determined that 12 (70 percent) received one or more replacement SSN cards in error. These 17 individuals were issued a total of 25 cards in error, since some received more than 1 card in error.

Appendix C
Agency Comments

MEMORANDUM

Date: February 12, 2010 Refer Refer To: S1J-3

To: Patrick P. O'Carroll, Jr.
Inspector General

From: Margaret J. Tittel /s/ Dean Landis for
Acting Chief of Staff

Subject: Office of the Inspector General (OIG) Draft Report, “SSA’s Compliance with Social Security Number Replacement Card Issuance Provisions of the Intelligence Reform and Terrorism Protection Act of 2004” (A-02-09-19006)—INFORMATION

Thank you for the opportunity to review and comment on the draft report. We appreciate OIG’s efforts in conducting this review. Attached is our response to the report findings and recommendations.

Please let me know if we can be of further assistance. Please direct staff inquiries to
Candace Skurnik, Director, Audit Management and Liaison Staff, at extension 54636.

Attachment

COMMENTS ON THE OFFICE OF INSPECTOR GENERAL (OIG) DRAFT REPORT, “SSA'S COMPLIANCE WITH SOCIAL SECURITY NUMBER (SSN) REPLACEMENT CARD ISSUANCE PROVISIONS OF INTELLIGENCE REFORM AND TERRORISM PROTECTION ACT (IRTPA) OF 2004” (A-02-09-19006)

Ensure its systems allow legend change exclusions to IRTPA annual and lifetime limits only when a restrictive legend on the face of an SSN card has been changed or removed.

Comment

We agree. We will make system changes as resources permit.

Recommendation 2

Ensure its systems only allow non-receipt exceptions to IRTPA annual and lifetime limits for non-receipt claims that occur within 45 days of the previous request for an SSN replacement card. In the rare instances where a valid justification for allowing a non-receipt claim beyond 45 days of the previous request exists, ensure that the justification is documented within SSA’s systems. (For example, SSA could use a two-personal identification number process requiring management personnel to approve such transactions.)

Comment

We agree. We will make system changes as resources permit.

Appendix D
OIG Contacts and Staff Acknowledgments
OIG Contacts

Tim Nee, Director, New York Audit Division

Christine Hauss, Audit Manager

Acknowledgments

In addition to those named above:

James Kim, Senior Analyst

Brennan Kraje, Statistician

For additional copies of this report, please visit our web site at www.socialsecurity.gov/oig or contact the Office of the Inspector General’s Public Affairs Staff Assistant at (410) 965-4518. Refer to Common Identification Number
A-02-09-19006.

DISTRIBUTION SCHEDULE

Commissioner of Social Security
Office of Management and Budget, Income Maintenance Branch
Chairman and Ranking Member, Committee on Ways and Means
Chief of Staff, Committee on Ways and Means
Chairman and Ranking Minority Member, Subcommittee on Social Security
Majority and Minority Staff Director, Subcommittee on Social Security
Chairman and Ranking Minority Member, Committee on the Budget, House of Representatives
Chairman and Ranking Minority Member, Committee on Oversight and Government Reform
Chairman and Ranking Minority Member, Committee on Appropriations, House of Representatives
Chairman and Ranking Minority, Subcommittee on Labor, Health and Human Services, Education and Related Agencies, Committee on Appropriations,
House of Representatives
Chairman and Ranking Minority Member, Committee on Appropriations, U.S. Senate
Chairman and Ranking Minority Member, Subcommittee on Labor, Health and Human Services, Education and Related Agencies, Committee on Appropriations, U.S. Senate
Chairman and Ranking Minority Member, Committee on Finance
Chairman and Ranking Minority Member, Subcommittee on Social Security Pensions and Family Policy
Chairman and Ranking Minority Member, Senate Special Committee on Aging
Social Security Advisory Board

Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of an Office of Audit (OA), Office of Investigations (OI), Office of the Counsel to the Inspector General (OCIG), Office of External Relations (OER), and Office of Technology and Resource Management (OTRM). To ensure compliance with policies and procedures, internal controls, and professional standards, the OIG also has a comprehensive Professional Responsibility and Quality Assurance program.
Office of Audit
OA conducts financial and performance audits of the Social Security Administration’s (SSA) programs and operations and makes recommendations to ensure program objectives are achieved effectively and efficiently. Financial audits assess whether SSA’s financial statements fairly present SSA’s financial position, results of operations, and cash flow. Performance audits review the economy, efficiency, and effectiveness of SSA’s programs and operations. OA also conducts short-term management reviews and program evaluations on issues of concern to SSA, Congress, and the general public.
Office of Investigations
OI conducts investigations related to fraud, waste, abuse, and mismanagement in SSA programs and operations. This includes wrongdoing by applicants, beneficiaries, contractors, third parties, or SSA employees performing their official duties. This office serves as liaison to the Department of Justice on all matters relating to the investigation of SSA programs and personnel. OI also conducts joint investigations with other Federal, State, and local law enforcement agencies.
Office of the Counsel to the Inspector General
OCIG provides independent legal advice and counsel to the IG on various matters, including statutes, regulations, legislation, and policy directives. OCIG also advises the IG on investigative procedures and techniques, as well as on legal implications and conclusions to be drawn from audit and investigative material. Also, OCIG administers the Civil Monetary Penalty program.
Office of External Relations
OER manages OIG’s external and public affairs programs, and serves as the principal advisor on news releases and in providing information to the various news reporting services. OER develops OIG’s media and public information policies, directs OIG’s external and public affairs programs, and serves as the primary contact for those seeking information about OIG. OER prepares OIG publications, speeches, and presentations to internal and external organizations, and responds to Congressional correspondence.
Office of Technology and Resource Management
OTRM supports OIG by providing information management and systems security. OTRM also coordinates OIG’s budget, procurement, telecommunications, facilities, and human resources. In addition, OTRM is the focal point for OIG’s strategic planning function, and the development and monitoring of performance measures. In addition, OTRM receives and assigns for action allegations of criminal and administrative violations of Social Security laws, identifies fugitives receiving benefit payments from SSA, and provides technological assistance to investigations.